EventTracker: Upgrade Guide
- Juliana Porter
- 6 years ago
Upgrade To v7.2

Prism Microsystems
8815 Centre Park Drive
Columbia MD
Publication Date: February 20, 2012
U.S. Toll Free: (+1) (+1)
Introduction

The purpose of this document is to help users upgrade existing versions of EventTracker Enterprise to a newer release, and to verify the expected functionality and performance of all its components. If you encounter any problems during the upgrade process, please contact the support team for quick and thorough instructions.

Technical Support Contact Details:
Toll Free: ext. 2
Phone: ext. 2
Fax:
support@prismmicrosys.com

Audience: This document is intended for all users of EventTracker v6.4 b50, v7.0, and v7.1 who wish to upgrade to v7.2 Enterprise. Prism strongly recommends that you read the entire document thoroughly before you begin the upgrade process.

For the user's convenience, this document is separated into two parts: Upgrade - Quick View and Upgrade - Detailed View.

Upgrade - Quick View is written for system administrators and experts who are familiar with EventTracker Enterprise and the upgrade process. It is presumed that the user of this section has sufficient knowledge of the system and the configuration process.

Upgrade - Detailed View is meant for EventTracker users who are upgrading their EventTracker version for the first time. In this section, the upgrade process is explained with the help of the GUI.

Before you upgrade:
1. Thoroughly read the EventTracker Architecture guide. This guide explains the architecture and sample deployment methods with illustrations.
2. Contact support@prismmicrosys.com for information regarding license keys or license certificates.

*IMPORTANT: Users of versions 5.x and below should contact support@prismmicrosys.com for complete and thorough instructions.

Prism Microsystems, Inc.
Contents

What's New in EventTracker
  What's New in EventTracker version 7.2?
  Changes and Bug Fixes in EventTracker v
  What's New in EventTracker version 7.1?
Prerequisites
Planning
Upgrade - Quick View
  Upgrading from v6.4 b50 to v7.2 Enterprise
  Upgrading from v7.0 to v7.2 Enterprise
  Upgrading from v7.1 to v7.2 Enterprise
  Upgrading from v7.2 (Build 38) to v7.2 (any build)
  Upgrading from v6.4 b50 to v7.2 Enterprise
  Upgrading from v7.0 to v7.2 Enterprise
  Upgrading from v7.1 to v7.2 Enterprise
  Upgrading from v7.2 (Build 38) to v7.2 (any build)
Configuring Service Accounts
What's New in EventTracker

This section will take you through the changes made in the EventTracker versions.

What's New in EventTracker version 7.2?

1. Enhanced Windows agent DLA feature and added a send as SYSLOG option and send via FTP/SFTP options.
2. Introducing a LITE version of the product that can be used in situations where only EventTracker Windows agent functionality is required and these agents can send the events (as SYSLOGs) to any third party Log receiver.
3. Indexing feature has been enhanced for faster searching and more optimized storage.
4. The internal limit for number of VCPs (which was 10 Windows & 10 SYSLOG) has been removed. Based on the system capacity (Disk, RAM, CPU, etc.) any number of VCPs can be added.
5. New report added to help track all EventTracker configuration changes that have been made.
6. MSI provided for installing EventTracker Agent and Change Audit Agent.
7. StatusTracker feature enhanced and integrated into the product. New report also added to view StatusTracker information.
8. EventVault Explorer feature enhanced and integrated.
9. Compliance Dashboard added.
10. Acknowledge/Notes option added in incidents page & report to track them.
11. Provided a simple right click option to create an alert from the selected event.
12. Added a visual Correl rule builder.
13. Added an On-Demand Correl report.
14. Option to save agent Config to separate file and to retrieve agent Config info from these files.
15. Fine tuned key word indexing to get more benefit in reports & log search.
16. Option to display may category to any of the tabs, namely, Operations, Compliance or Security.
17. Agent Management tool enhancements.
18. Option provided in diagnostic dashlet to start/stop/restart a service.
19. Agent upgrade feature enhanced to list agent version details and also added check to prevent upgrade of incompatible versions.
20. Support for SQL Server.
21. SCAP Benchmark Profile editor.
22. Option to manage change audit agent from the manager.
23. Option to see the keyword statistics in log search sorted by occurrence/name.
24. DLA mode support, task/severity map changes for VMWARE events.
Changes and Bug Fixes in EventTracker v

1. All patches released for v7.1 are included in v
2. Resolved the problem with providing long report names for HTML reports.
3. Provided quick search options in most tabs to help users locate selections.
4. Added checks to prevent accidental upgrades of incompatible agents.
5. Fix for error when special chars are entered during alert configuration.
6. Fix for the display of blank system tree while editing a report with "All systems" selected.
7. Fix for invalid EventTracker links in RSS feeds for reports.
8. Fix for the issue where some of the events were getting missed in DLA mode from vista agent.
9. Facility to import/delete custom list of systems in Export Import Utility.
10. To allow manual configuration in EventVault storage path.
11. Adding custom data import feature for Systems/Groups.
12. Fix for wrong IP address validation in StatusTracker.
13. Recipients name is getting truncated in e-mails generated for alerts.
14. Fix for CAB transfer failures due to initialization failure of CP.
15. Fix for EventTracker Diagnostics performance issues.
16. Fix for TCP connection issues due to incomplete message header during DLA file transfer.
17. Fix for Agent DLA file transfer failures and EventVault failures in processing left over CAB files.
18. Fix for issue where mails are quarantined by gateway due to the wrong MIME format.
19. Fix for LogFileParser crash while processing Netflow logs.
20. Fix for synchronization issues with Collection Point configuration database.
What's New in EventTracker version 7.1?

EventTracker v7.1 (Build 52)
1. Filter Event id(s) and Event Source(s) when generating a report/analysis.
2. Configurable option to show/hide the statistics & graph display in log search page.
3. Custom data feature for system selection in EventTracker Agent Management Tool.
4. Facility to import/delete custom list of systems in Export Import Utility.

EventTracker v7.1 (Build 38)
1. DLA-Extensions (Other File Transfer Option)
2. Reading SQL DB Trace logs via DLA
3. Reading EVTX log files in DLA
4. CD/DVD monitoring (only Windows Explorer)
5. CP-CM to transfer index info files.
6. Standalone utility for analyzing event traffic from eventlog (enhanced GetAllEvt).
7. Change Audit, Change Assessment and Configuration Assessment dashlets added.
8. WebSlice for Alerts added.
9. Diagnostic/Application information dashlets
10. Smart Card reader
11. Extending CP-CM Data transfer for V7 features, changes done in Log Search page to provide a drop down to show the list of CPs.
12. New categories for StatusTracker audit events.
Prerequisites

Before you begin the upgrade process, please follow this checklist and make sure that you have all the components in place to perform a successful upgrade.

The most effective upgrade method is to first export all the custom settings using Export Import Utility, install the new version, and then import the custom settings. There is no need to export all policy settings since all the Categories included in any prior versions have been retained.

The recommended method is to first upgrade the Manager, validate all its functionality, next upgrade the Agents, and lastly verify the performance.

Planning

This section gives you a rough estimate of the time required for upgrading as well as for monitoring the successful upgrade. It might take minutes for you to read this document and to complete the upgrade process gracefully. You will also need to spend a few minutes on the day after the upgrade to verify that all your Scheduled Reports are being generated. If any reports fail to generate, then please read the Validation section at the end of this document.
Upgrade - Quick View

In this section, you can get a quick insight into the upgrade process:
Upgrade from v6.4 b50 to v7.2 Enterprise
Upgrade from v7.0 to v7.2 Enterprise
Upgrade from v7.1 to v7.2 Enterprise
Upgrading from v6.4 b50 to v7.2 Enterprise

Before you start with the upgrade process
1. Verify that all the prerequisites described above have been satisfied.
2. Back up all custom Categories, Alerts (please check the Export Settings check box), Filters, Scheduled Reports and RSS Feeds using Export Import Utility.
3. Close/terminate all the EventTracker components like Management console and Reports console, including RDP (Remote Desktop Protocol) sessions.
4. Note down the custom changes you have made in the Trusted List (Agent Configuration -> Network Connection Monitor -> Suspicious Traffic Only (SNAM) -> Trusted List).

Upgrade Procedure
1. Uninstall the existing version by retaining old configuration and data.
2. Restart the EventTracker manager server or system.
3. Install EventTracker v7.x Enterprise.
4. Configure the service accounts, if the archives/reports are stored in the network path.
5. Using Export Import Utility, import all the custom Categories, Alerts, Filters, Scheduled Reports and RSS Feeds.
6. Verify that the Categories, Alerts, Filters, Legacy Reports and RSS Feeds are intact.
7. Upgrade all agents using the System Manager.
8. Update the Trusted List with the changes you have noted down earlier.

Post Upgrade Process
By default, EventTracker sets the threat level of alerts imported from v6.4 as Undefined. You need to set the Threat level explicitly as per your requirement.

To set the Threat Level:
1. Open EventTracker Enterprise.
2. Click the Admin hyperlink, and select Alerts. EventTracker displays Alert Management page.
3. Click the alert name to be modified.
4. EventTracker displays Alert Configuration page.
5. Select the threat level from Threat Level dropdown.
6. Click the Finish button. EventTracker saves the configuration settings.
NOTE:
The upgrade process for v6.4 to v7.0/v7.1/v7.2 (any build) is the same as described.
For v6.4 to v7.2 upgrade, if Keyword Indexing is installed and enabled, then launch the keyword Indexing file migration utility.
For CM and CP set up, please upgrade CM (Collection Master) first, and then upgrade CP (Collection Point).
For agent upgrade details, please click here.
Upgrading from v7.0 to v7.2 Enterprise

Before you start with the upgrade process
Verify that all the prerequisites described above have been satisfied.
If you have incorporated your company logo into EventTracker, then take a backup of the .jpg file of your company logo before uninstalling EventTracker. You need to replace the backed up image file after installing EventTracker Enterprise.
Close/terminate all the EventTracker components like EventTracker Enterprise, EventTracker Control panel, including RDP (Remote Desktop Protocol) sessions.

Upgrading from v7.0 to v
1. Uninstall the existing version by retaining old configuration and data.
2. Restart the EventTracker manager server or system.
3. Install EventTracker v
4. Configure the service accounts, if the archives/reports are stored in the network path.
5. Verify that the Categories, Alerts, Filters, Scheduled Reports and RSS Feeds are intact.
6. Upgrade all Windows agents using the System Manager.

NOTE:
The upgrade process for v7.0 to v7.1 or v7.2 (any build) is the same as described.
For CM and CP set up, please upgrade CM (Collection Master) first, and then upgrade CP (Collection Point).
For agent upgrade details, please click here.
The custom image files like .jpg or .png in the EventTrackerWeb folder will not be retained after the upgrade. You need to take a backup of those files.
Upgrading from v7.1 to v7.2 Enterprise

Before you start with the upgrade process
Verify that all the prerequisites described above have been satisfied.
If you have incorporated your company logo into EventTracker, then take a backup of the .jpg file of your company logo before uninstalling EventTracker. You need to replace the backed up image file after installing EventTracker Enterprise.
Close/terminate all the EventTracker components like EventTracker Enterprise, EventTracker Control panel, including RDP (Remote Desktop Protocol) sessions.

Upgrading from v7.1 to v
1. Uninstall the existing version by retaining old configuration and data.
2. Restart the EventTracker manager server or system.
3. Install EventTracker v
4. Configure the service accounts, if the archives/reports are stored in the network path.
5. Verify that the Categories, Alerts, Filters, Scheduled reports and RSS Feeds are intact.
6. Upgrade all Windows agents using the System Manager.
7. Run KeywordMigration.exe file.

NOTE:
For v7.1 to v7.2 upgrade, if Keyword Indexing is installed and enabled, then launch the keyword Indexing file migration utility.
For CM and CP set up, please upgrade CM (Collection Master) first, and then upgrade CP (Collection Point).
For agent upgrade details, please click here.
The custom image files like .jpg or .png in the EventTrackerWeb folder will not be retained after the upgrade. You need to take a backup of those files.
Upgrading from v7.2 (Build 38) to v7.2 (any build)

The procedure to upgrade from v7.2 (build 38) to v7.2 (any build) is the same as upgrading from v7.1 to v7.2.
In this section, you will learn the upgrade process in detail:
Upgrade from v6.4 b50 to v7.2 Enterprise
Upgrade from v7.0 to v7.2 Enterprise
Upgrade from v7.1 to v7.2 Enterprise
Upgrading from v6.4 b50 to v7.2 Enterprise

Before you start with the upgrade process:

Creating Backup of the Configuration Data and Reports:
In order to retain the configuration data and reports of the existing version, you need to create a backup of all custom Categories, Alerts, Filters, Scheduled reports, and RSS Feeds. This section will help you in creating backup files.

1. Open the EventTracker Management Console.
2. Click the Tools menu, and click Import and Export Utility.
Figure 1: EventTracker Manager Console >> Tools tab
EventTracker displays Export-Import Utility window.
3. Select the Category option, if not selected by default.
4. From the Categories field, select the EventTracker categories to be exported, and click the Add button. (Example: My Category).
Figure 2: Category
OR
Click Add All button to select all the categories.
5. Click the Export button. EventTracker displays Select Export File window.
Figure 3
6. Click Save in dropdown to select the file location, enter the File name, and click the Save button. EventTracker displays confirmation message box.
7. Click the OK button.
Figure 4
8. Select the Filters option, and click the Export button.
Figure 5: Filters
EventTracker displays Select Export File window.
9. Select the file location, enter file name, and click the Save button. EventTracker displays confirmation message box.
10. Click the Alerts option.
11. Click the Export Settings checkbox.
12. From the Alerts field, select the alerts to be exported, and click the Add button. (Example: My Alerts)
OR
Click Add All button to select all the Alerts.
13. Click the Export button.
Figure 6: Alerts
EventTracker displays Select Export File window.
14. Click Save in dropdown to select the file location, enter the file name, and click the Save button. EventTracker displays confirmation message box.
15. Click the OK button.
16. Click the Scheduled Reports, click the Export without System names box, and then click the Export button.
EventTracker displays Select Export File window.
Figure 7: Scheduled Reports
17. Click Save in dropdown to select the file location, enter the file name, and click the Save button. (Example: My Reports) EventTracker displays confirmation message box.
18. Click the OK button.
If there are no scheduled reports present in the database then EventTracker will display the information message.
19. Click the RSS Feeds option, and click the Export button.
Figure 9: RSS Feed
EventTracker displays Select Export File window.
20. Click Save in dropdown to select the file location, enter the file name, and click the Save button. (Example: RSS Feed) EventTracker displays confirmation message box.
21. Click the OK button.
If there are no RSS feeds present in the database then EventTracker displays an information message.
22. Click the Close button, to close the Export Import Utility window.

Note down the list of Trusted Connections
Note down the custom changes you have made in the Trusted List. This option will help you to get the Trusted list details.
1. Click Start > Programs > Prism Microsystems > Select EventTracker > and click EventTracker Control Panel. EventTracker displays EventTracker Control Panel.
2. Click Agent Configuration icon.
Figure 11: EventTracker Control Panel
Figure 12: Agent Configuration Window
By default, EventTracker displays Managers tab.
3. Click Network Connection Monitor tab, select Suspicious Traffic Only (SNAM) option, and click the Trusted List button. EventTracker displays Trusted Connections List pop-up window.
Figure 13: Trusted Connection List
4. Note down the custom changes you have made in the list.

Close/terminate all the EventTracker Components
Before you start the upgrade, it is crucial to close/terminate all the EventTracker components present in the system, like Management Console, Report Console, and even RDP (Remote Desktop Protocol) sessions. During uninstall, if any of the EventTracker components is open then EventTracker asks you to close the program.
Figure 14
Close the open components, and then click the Retry button. EventTracker resumes the uninstall process.
Upgrade Procedure:

Step 1: Uninstall the version 6.4 b50 by retaining old configuration and data.
1. Click Start > Select Settings > click Control Panel > click Add or Remove Programs > Select EventTracker > Click the Remove button. Control Panel displays the confirmation message.
Figure 15
OR
Click Start > select Programs > select Prism Microsystems > select EventTracker > click Uninstall EventTracker. EventTracker displays the confirmation message.
2. Click the Yes button. EventTracker starts the uninstall process.
Figure 16
Figure 17
EventTracker displays the Uninstall EventTracker confirmation pop up window.
3. Click the No button.
Figure 18
EventTracker displays Uninstall EventTracker pop up window.
Figure 19
By default, the checkboxes are selected. Keep the default selection to retain the data, reports, and configurations.
4. Click the OK button.

Step 2: Restart the EventTracker manager server or System.
1. Close all the open applications on the desktop.
2. Click Start > click Shut Down >> Select the Restart option from the dropdown >> click the OK button.

Step 3: Install EventTracker v7.2 Enterprise
For details about the installation process, please refer to the EventTracker v7.2 Enterprise Installation Guide.
Link: %20Guide.pdf
NOTE:
For v6.4, EventTracker uses MS Access database, and uses SQL database for v7.2. Before upgrade, you need to migrate the database from MS Access to SQL database. For this purpose, a Migration Utility will appear while installing v7.2 (See figure 20). This utility will migrate EventVault path, Install path, SMTP port, VCP port details etc. to the new SQL database.
Figure 20
If you have more than one SQL database instance, then you can select the required instance from the Server dropdown, and then click the Next>> button to proceed with the migration.
Figure 21
After a successful migration process, EventTracker displays a Status: Migration Success message. Click the Finish button to go back to the EventTracker installation process.
Step 4: Configure the service accounts, if the archives/reports are stored in the network path.
Click here to read Configure the service accounts section.

Step 5: Import all the custom Categories, Alerts, Filters, Scheduled reports and RSS Feeds
After successful EventTracker Enterprise installation, you need to import the custom categories, Alerts, Filters, Scheduled reports and RSS Feeds, which you have exported from EventTracker v
1. Click Start > Programs > Prism Microsystems > EventTracker > and click EventTracker Control Panel. EventTracker displays EventTracker Control Panel.
Figure 22: EventTracker Control Panel
2. Click Export Import Utility icon. EventTracker displays Export Import Utility window.
3. Click the Import tab.
4. Click Category (If not selected).
Figure 23: Category
5. Click the browse button, select the location of the file, and click the Open button.
6. Click the Import button. EventTracker displays Export Import Utility pop up window.
7. Click the OK button.
8. Select the Filters option.
9. Click the browse button, select the location of the file, and click the Open button.
10. Click the Import button. EventTracker displays Export Import Utility pop up window.
11. Click the OK button.
12. Click the Alerts option.
Figure 25
Figure 26: Alerts
13. Select Import settings checkbox, if not selected.
14. In the Set Active pane, select the appropriate option.
15. Click the browse button, select the location of the file, and click the Open button.
16. Click the Import button. EventTracker displays Export Import Utility pop up window.
17. Click the OK button.
18. Select the RSS Feeds option.
Figure 27
Figure 28: RSS Feeds
19. Click the browse button, select the location of the file, and click the Open button.
20. Click the Import button. EventTracker displays Export Import Utility pop up window.
21. Click the OK button.
22. Select the Scheduled Reports option.
Figure 29
Figure 30: Scheduled Reports
23. Click the browse button, select the location of the file, and click the Open button.
24. Click the Import button. EventTracker displays Export Import Utility pop up window.
25. Click the OK button.
26. Click the Close button.
Figure 31

Step 6: Verify that the imported Categories, Alerts, Filters, Legacy reports and RSS Feeds are intact.

Verify Category:
1. Log on to EventTracker Enterprise.
2. Click the Admin hyperlink, and click Category. EventTracker displays Category Management Page.
3. Search for the imported custom category under Category Tree tab. In addition, you can find the custom category on the right side of the page, in Last 10 modified categories list.
Example: My Category
Figure 32: Category Management
OR
Click the Search tab, enter the category name in the Search field, and then click the Go button.
Figure 33
Verify Alerts:
1. Click the Admin hyperlink, and click Alerts. EventTracker displays Alert Management page.
Figure 34: Alert Management
2. Enter the alert name in Search Field, and click the Go button.
Figure 35
In addition, you can use the scroll bar and the page numbers provided at the top and bottom of the Alert Management page to find alerts.
Verify Filters:
1. Click the Admin hyperlink, and click Event Filters. EventTracker displays Event Filters page. The newly imported filters are listed in this page.
2. Click the filter name to see the imported filter details. EventTracker displays Event Filter configuration page.
Figure 37: Event Filter Configuration
Verify Generated Reports:
Upon upgrade to version 7.x, the successfully generated reports from version 6.4 can be viewed in "Legacy Reports" present under the Tools menu. Using Export Import utility you can import the report configurations (of version 6.4) to continue the report generation process at the scheduled time. The report configurations can be seen under the respective reports/analysis tab.
1. Click the Tools dropdown, and click Legacy Reports. EventTracker displays Legacy Reports dialog box.
Figure 38: Legacy Reports
2. Expand Legacy Reports folder, and click Scheduled. Here you will see the list of successfully generated reports from version 6.4.
Figure 39
Verify RSS Feeds:
1. Click the Admin hyperlink, and then click the RSS. EventTracker displays RSS Feeds page. The newly imported RSS feeds are listed in this page.
Figure 40: RSS Feeds

Step 7: Upgrade all agents using the System Manager.
EventTracker agent upgrade is necessary to keep the agents up to date with the manager system.
1. Log on to EventTracker Enterprise.
2. Click the Admin hyperlink, and select Systems. EventTracker displays System Manager page.
3. Right click the desired domain/group name, and select Upgrade agent.
Figure 41: System Manager
EventTracker displays Upgrade Remote Agent(s) pop-up window.
Figure 42: Upgrade Agent
OR
Move the cursor on the remote systems name (where the agent is installed), click the dropdown arrow, and select Upgrade Agent.
Figure 43: Upgrade Agent
EventTracker displays Upgrade Remote Agent(s) pop-up window.
4. Choose the agent(s) to be upgraded by selecting checkbox, and click the Next button.
5. Select Windows Domain Network option, and fill in the user credentials,
OR
Figure 46
Select the Upgrade over IP (Non-Windows Domain) option.
6. Select Install default Remedial Action EXEs on this system checkbox. EventTracker displays confirmation message.
7. Click the OK button, and click the Upgrade button.
EventTracker displays information message.
8. Click the OK button. EventTracker displays System Status screen.
9. Click the refresh button, to see the latest status.
Figure 50: System Status
NOTE: It may take some time to load the status.
Figure 51
Step 8: Update Trusted list
In v6.4, if you have made any changes in Trusted Connection List then you need to update the same in v7.1 Trusted connection List. This option will help you to update the trusted connection list.
1. Log on to EventTracker Enterprise.
2. Click the Admin hyperlink, select Windows Agent Config, and select the Network Connection Monitor tab.
3. Click Suspicious Traffic Only (SNAM) option, and click the Trusted List button. EventTracker displays Trusted Connections List pop-up window.
Figure 52: Trusted Connection List
4. Click the New button, fill in the appropriate credentials, and then click the Ok button.
Figure 53
The updated details will appear in Trusted Connection List.
Figure 54

NOTE:
You can also find the Trusted Connection List details in the spmconfig.ini file. The file is saved under: Program Files\Prism Microsystems\EventTracker\Agent\spmConfig.ini.

If Keyword indexing is installed and enabled, launch the keyword indexing file migration utility. The keyword Indexer folder is restructured. To put the old indexed files into the new structure, the KeywordMigration.exe utility file has been provided along with build 7.2. This utility migrates the existing keyword files to the new structure. The path for the utility file is: <Install folder>\eventtrackerweb\bin\keywordmigration.exe

In EventTracker Control Panel >> EventTracker Agent Configuration >> Event Filters tab, Information and Audit Success event types are unchecked by default. Select the Information and Audit Success checkboxes in order to filter the large number of Information and Audit Success events.

Agent upgrade:
While upgrading the Remote agent, make sure to select the appropriate configuration file containing the port that was previously configured in v6.4.
I. Click the Advanced button. EventTracker displays Upgrade Remote Agent(s) pop-up window.
II. Select Custom Config option.
Figure 55
III. Select the required .ini file from the File dropdown.
IV. Click the Upgrade button.
Example: In v6.4, if the agent is deployed in a port (Ex ) then during upgrade, select etaconfig_14575.ini file from the file dropdown.
*This is also applicable for v7.0/v7.1 to v7.2
For further configuration changes, please contact the PRISM support team.
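One way to make the Trusted Connection List check in Step 8 verifiable instead of relying on hand-written notes is to snapshot spmConfig.ini (and any agent .ini file you will pick under Custom Config) before uninstalling, then compare after the upgrade. This is an added example, not part of the guide or of Prism's tooling: the function names and snapshot folder layout are hypothetical, the files are treated as opaque text lines, and PowerShell 4.0 or later is assumed for Get-FileHash.

```powershell
# Added example: hypothetical helper functions, not EventTracker tooling.
# Files are compared as plain lines; no INI layout is assumed.

function Save-ConfigSnapshot {
    param(
        [Parameter(Mandatory)][string[]]$Path,       # files to preserve (wildcards allowed)
        [Parameter(Mandatory)][string]$Destination   # folder OUTSIDE the install directory
    )
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    # Note: files are stored by name, so snapshot same-named files into separate folders.
    $manifest = foreach ($file in (Get-Item -Path $Path | Where-Object { -not $_.PSIsContainer })) {
        Copy-Item -LiteralPath $file.FullName -Destination $Destination -Force
        [pscustomobject]@{
            Name   = $file.Name
            Source = $file.FullName
            SHA256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        }
    }
    $manifest | Export-Csv -Path (Join-Path $Destination 'manifest.csv') -NoTypeInformation
    $manifest
}

function Compare-ConfigSnapshot {
    param([Parameter(Mandatory)][string]$Snapshot)   # folder written by Save-ConfigSnapshot
    foreach ($entry in (Import-Csv -Path (Join-Path $Snapshot 'manifest.csv'))) {
        if (-not (Test-Path -LiteralPath $entry.Source)) {
            # The upgrade did not recreate the file at its old location.
            [pscustomobject]@{ File = $entry.Source; Status = 'Missing'; Removed = @(); Added = @() }
            continue
        }
        $currentHash = (Get-FileHash -LiteralPath $entry.Source -Algorithm SHA256).Hash
        if ($currentHash -eq $entry.SHA256) {
            [pscustomobject]@{ File = $entry.Source; Status = 'Unchanged'; Removed = @(); Added = @() }
            continue
        }
        # Hash differs: report which lines disappeared and which are new.
        # Empty Removed/Added with Status 'Changed' means only order or line endings changed.
        $before = @(Get-Content -LiteralPath (Join-Path $Snapshot $entry.Name))
        $after  = @(Get-Content -LiteralPath $entry.Source)
        [pscustomobject]@{
            File    = $entry.Source
            Status  = 'Changed'
            Removed = @($before | Where-Object { $after  -cnotcontains $_ })
            Added   = @($after  | Where-Object { $before -cnotcontains $_ })
        }
    }
}

# --- Demonstration on constructed data (NOT real spmConfig.ini content) ---
$work  = Join-Path ([IO.Path]::GetTempPath()) ('et-demo-' + [guid]::NewGuid())
$agent = New-Item -ItemType Directory -Path (Join-Path $work 'Agent')
$ini   = Join-Path $agent.FullName 'spmConfig.ini'
Set-Content -LiteralPath $ini -Value 'constructed-line-A', 'constructed-line-B'

# Before uninstalling: take the snapshot.
Save-ConfigSnapshot -Path $ini -Destination (Join-Path $work 'snapshot') | Out-Null

# Simulate an upgrade that reset the file and dropped a custom entry.
Set-Content -LiteralPath $ini -Value 'constructed-line-A'

# After the upgrade: list every line that still has to be re-entered.
Compare-ConfigSnapshot -Snapshot (Join-Path $work 'snapshot') | Format-List

Remove-Item -LiteralPath $work -Recurse -Force
```

On a real manager, pass the spmConfig.ini path given in the NOTE above to Save-ConfigSnapshot; any line reported under Removed is an entry to re-enter through the Trusted List dialog in Step 8.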
Post Upgrade Process:
By default, EventTracker sets the Threat level of alerts imported from v6.4 as Undefined.
Figure 56: Alert Management
You need to explicitly set the threat level as per your requirement.

To set the threat level:
1. Open EventTracker Enterprise.
2. Click the Admin hyperlink, and select Alerts. EventTracker displays Alert Management page. (See Figure 56)
3. Click the alert name to be modified. EventTracker displays Alert Configuration page. (See Figure 57)
Figure 57: Alert Configuration
4. Select the threat level from Threat Level dropdown.
5. Click the Finish button. EventTracker saves the configuration settings.
Upgrading from v7.0 to v7.2 Enterprise

Before you start with the upgrade process:

Take a backup of VCP *.ini files
If the VCP ports have been created, then before performing an upgrade from EventTracker v7.0 (any build) to v7.2 (any build), take a backup of the *.ini files (example: etaconfig_14580.ini) which are present in the RemoteInstaller folder.

To take a backup of the VCP *.ini files:
1. Open <install dir>\EventTracker\RemoteInstaller, and copy the VCP *.ini files.
2. Save the .ini files into some other location.
3. Once the EventTracker uninstallation is finished, copy and paste the VCP *.ini files saved earlier to the <install dir>\EventTracker\RemoteInstaller folder.
4. After the successful upgrade, verify that the restored .ini files appear in the Upgrade Remote Agent(s) >> Custom Config option >> File dropdown.

Upgrade Procedure:

Step 1: Uninstall EventTracker version
1. Click Start > Settings > Control Panel > Add or Remove Programs > EventTracker > and click the Remove button. Control Panel displays the confirmation message.
Figure 58
OR
Click Start > Programs > Prism Microsystems > EventTracker > and click Uninstall EventTracker. EventTracker will display the confirmation message.
2. Click the Yes button. EventTracker starts the uninstall process and displays the Uninstall EventTracker confirmation pop up window.
Figure 60
By default, EventTracker selects the data and configuration files to be retained. Keep the default selection as it is.

Step 2: Restart the EventTracker Manager Server or System
1. Close all the open applications on the desktop.
2. Click Start > click Shut Down
3. Select the Restart option from the dropdown, and then click the OK button.

Step 3: Install EventTracker v7.2 Enterprise.
For details of the installation process, please refer to the EventTracker v7.2 Enterprise Installation Guide.
Link: tion%20guide.pdf

Step 4: Configure the service accounts, if the archives/reports are stored in the network path.
Click here to read Configure the service accounts section.
Step 5: Verify that the imported Categories, Alerts, Filters, Scheduled Reports and RSS Feeds are intact

Verify Category:

1. Log on to EventTracker Enterprise.
2. Click the Admin hyperlink, and click Category.
   EventTracker displays Category Management Page.
3. Search for the imported custom category under Category Tree tab. In addition, you can find the custom category on the right side of the page, in Last 10 modified categories list.
   Example: My Category

   Figure 61 Category

   OR

   Click the Search tab, enter the Category name in Search field, and then click the Go button.
   Figure 62

Verify Alerts:

1. Click the Admin hyperlink, and click Alerts.
   EventTracker displays Alert Management page.

   Figure 63 Alert Management

2. Enter the Alert name in Search Field, and then click the Go button.
   Example: My Alert
   Figure 64

   To find Alerts in the list, you can make use of scroll bar and the page numbers provided at the bottom of Alert Management page.

Verify Filters:

1. Click the Admin hyperlink, and click Event Filters.
   EventTracker displays Event Filters page. The newly imported filters are listed in this page.
   Example: My Filter

   Figure 65

2. Click the Filter name to see the imported filter details.
   EventTracker displays Event Filter configuration page.
   Figure 66: Event Filter Configuration

Verify RSS Feeds:

Click the Admin hyperlink, and then click the RSS. EventTracker displays RSS Feeds page. The newly imported RSS Feeds are listed in this page.
Example: New Feeds

Figure 67: RSS Feeds

Step 6: Upgrade all Windows Agents using the System Manager

EventTracker Agent upgrade is necessary to keep the agents up to date with the manager system.

1. Log on to EventTracker Enterprise.
2. Click the Admin hyperlink, and select Systems.
   EventTracker displays System Manager Page.
3. Right click the desired domain/group name, and select Upgrade agent.
   Figure 68: System Manager

   EventTracker displays Upgrade Remote Agent(s) pop-up window.

   Figure 69: Upgrade Agent

   OR

   Move the cursor on the remote systems name (where the agent is to be installed), click the dropdown arrow, and select Upgrade Agent.
   Figure 70: Upgrade Agent

   EventTracker displays Upgrade Remote Agent(s) pop-up window.

   Figure 71

4. Select checkbox next to the remote system where the agent is to be upgraded, and click the Next button.
   Figure 72

   NOTE: To upgrade change audit agent, select the checkbox in the Change Audit column.

   Figure 73

5. Select Windows Domain Network option, and fill in the user credentials,
   Figure 74

   OR

   Select the Upgrade over IP (Non-Windows Domain) option.

   Figure 75

6. Select Install default Remedial Action EXEs on this system checkbox.
   EventTracker displays confirmation message.
7. Click the OK button, and click the Upgrade button.
   EventTracker displays information message.

   Figure 76

8. Click the OK button.
   EventTracker displays System Status screen.

   Figure 77

   Figure 78: System Status

9. Click the refresh button to see the latest status, as it may take some time to load the status of system.
   Figure 79
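The VCP *.ini backup and restore described at the start of this section can be scripted so that each restored file is checked against what was saved before the uninstall. The PowerShell below is an added example, not part of the original guide or of Prism's tooling; the script name, the manifest file name and the -InstallDir / -BackupDir values are assumptions.

```powershell
# Added example (not from the EventTracker guide): back up the VCP *.ini files
# before uninstalling v7.0 and restore them afterwards, checking SHA-256 hashes.
# Assumptions: the script name, the manifest file name and both folder arguments.
#   .\VcpIni.ps1 -Mode Backup  -InstallDir '<install dir>' -BackupDir 'D:\vcp-backup'
#   .\VcpIni.ps1 -Mode Restore -InstallDir '<install dir>' -BackupDir 'D:\vcp-backup'
param(
    [Parameter(Mandatory = $true)][ValidateSet('Backup', 'Restore')][string]$Mode,
    [Parameter(Mandatory = $true)][string]$InstallDir,
    [Parameter(Mandatory = $true)][string]$BackupDir,
    # The guide's example file is etaconfig_14580.ini; narrow the filter if the
    # folder holds other .ini files that should not be carried over.
    [string]$Filter = '*.ini'
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

$remoteInstaller = Join-Path $InstallDir 'EventTracker\RemoteInstaller'
$manifestPath    = Join-Path $BackupDir 'vcp-ini-manifest.csv'

function Get-Sha256([string]$Path) {
    (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
}

if ($Mode -eq 'Backup') {
    $files = @(Get-ChildItem -Path $remoteInstaller -Filter $Filter -File)
    if ($files.Count -eq 0) { throw "No files matching $Filter in $remoteInstaller" }
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

    # Copy each file, confirm the copy is identical, and record its hash.
    $rows = foreach ($file in $files) {
        $copy = Join-Path $BackupDir $file.Name
        Copy-Item -LiteralPath $file.FullName -Destination $copy -Force
        $hash = Get-Sha256 $file.FullName
        if ((Get-Sha256 $copy) -ne $hash) {
            throw "Backup copy of $($file.Name) differs from the source"
        }
        [pscustomobject]@{ Name = $file.Name; Length = $file.Length; SHA256 = $hash }
    }
    $rows | Export-Csv -LiteralPath $manifestPath -NoTypeInformation
    Write-Output "Backed up $($files.Count) file(s); manifest: $manifestPath"
    return
}

# Restore: run once the uninstallation has finished (step 3 of the backup list).
if (-not (Test-Path -LiteralPath $remoteInstaller -PathType Container)) {
    throw "$remoteInstaller not found"
}

$failed = 0
foreach ($entry in @(Import-Csv -LiteralPath $manifestPath)) {
    # Accept plain file names only, so a damaged manifest cannot write elsewhere.
    if ($entry.Name -ne [System.IO.Path]::GetFileName($entry.Name)) {
        Write-Warning "Manifest entry '$($entry.Name)' is not a plain file name; skipped"
        $failed++
        continue
    }
    $saved  = Join-Path $BackupDir $entry.Name
    $target = Join-Path $remoteInstaller $entry.Name

    if (-not (Test-Path -LiteralPath $saved -PathType Leaf)) {
        Write-Warning "$($entry.Name): missing from the backup folder"
        $failed++
        continue
    }
    if ((Get-Sha256 $saved) -ne $entry.SHA256) {
        Write-Warning "$($entry.Name): changed since the backup was taken; not restored"
        $failed++
        continue
    }
    Copy-Item -LiteralPath $saved -Destination $target -Force
    if ((Get-Sha256 $target) -ne $entry.SHA256) {
        Write-Warning "$($entry.Name): restored copy does not match the manifest"
        $failed++
        continue
    }
    Write-Output "$($entry.Name): restored and verified"
}

if ($failed -gt 0) { throw "$failed file(s) could not be restored and verified" }
```

The check in the Upgrade Remote Agent(s) >> Custom Config >> File dropdown (step 4 of the backup list) still has to be done in the console after the upgrade.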
Upgrading from v7.1 to v7.2 Enterprise

Before you start with the upgrade process

Close/terminate all the EventTracker components like EventTracker Enterprise, EventTracker Control Panel, including RDP (Remote Desktop Protocol) sessions.

Upgrade Procedure

Step 1: Close/terminate all the EventTracker Components

Before you start with the upgrade, it is crucial to close/terminate all the EventTracker components present in the system, like EventTracker Enterprise, EventTracker Control Panel, and even RDP (Remote Desktop Protocol) sessions. During uninstall, if any EventTracker component is open, EventTracker asks you to close the program.

Figure 80

Close the open component and then click the Retry button. EventTracker resumes the uninstall process.
Step 2: Uninstall version

1. Click Start > Settings > Control Panel > Add or Remove Programs > EventTracker, and click the Remove button.
   Control Panel displays the confirmation message.

   Figure 81

   OR

   Click Start > Programs > Prism Microsystems > EventTracker, and click Uninstall EventTracker.
   EventTracker will display the confirmation message.

2. Click the Yes button.
   EventTracker starts uninstall process.

   Figure 82

   Figure 83

   EventTracker displays the Uninstall EventTracker confirmation pop-up window.
   Figure 84

   By default the checkboxes are selected. Keep the default selection to retain the data and configurations.

3. Click the OK button.

Step 3: Restart the EventTracker Manager Server or System

1. Close all the open applications on the desktop.
2. Click Start > click Shut Down.
3. Select the Restart option from the dropdown, and then click the OK button.

Step 4: Install EventTracker v7.2 Enterprise.

For the detailed installation process, please refer to the EventTracker v7.2 Enterprise Installation Guide.

Step 5: Configure the service accounts, if the archives/reports are stored in the network path.

See the Configuring Service Accounts section.

Step 6: Verify that the Categories, Alerts, Filters, and RSS Feeds are intact

Verify Category:

1. Log on to EventTracker Enterprise.
2. Click the Admin hyperlink, and click Category.
   EventTracker displays Category Management Page.
3. Search for the imported custom category under Category Tree tab. In addition, you can find the custom category on the right side of the page, in Last 10 modified categories list.
   Example: New Category
   Figure 85: Category Management

   OR

   Click the Search tab, enter the Category name in Search field, and then click the Go button.

   Figure 86
Verify Alerts:

1. Click the Admin hyperlink, and click Alerts.
   EventTracker displays Alert Management page.

   Figure 87: Alert Management

2. Enter the Alert name in Search Field, and click the Go button.

   Figure 88

   To find Alerts in the list, you can make use of scroll bar and the page numbers provided at the bottom of Alert Management page.
Verify Filters:

1. Click the Admin hyperlink, and click Event Filters.
   EventTracker displays Event Filters page. The newly imported filters are listed in this page.

   Figure 89: Event Filter Configuration

2. Click the Filter name to see the imported filter details.
   EventTracker displays Event Filter configuration page.

   Figure 90: Event Filter Configuration

Verify RSS Feeds:

1. Click the Admin hyperlink, and click the RSS.
2. EventTracker displays RSS Feeds page. The newly imported RSS Feeds are listed in this page.
   Figure 91: RSS Feeds

Step 7: Upgrade all Windows Agents using the System Manager

EventTracker Agent upgrade is necessary to keep the agents up to date with the manager system.

1. Log on to EventTracker Enterprise.
2. Click the Admin hyperlink, and select Systems.
   EventTracker displays System Manager Page.
3. Right click the desired domain/group name, and select Upgrade agent.

   Figure 92: System Manager

   EventTracker displays Upgrade Remote Agent(s) pop-up window.
   Figure 93: Upgrade Agent

   OR

   Move the cursor on the remote systems name (where the agent is to be installed), click the dropdown arrow, and select Upgrade Agent.

   Figure 94: Upgrade Agent

   EventTracker displays Upgrade Remote Agent(s) pop-up window.
   Figure 95

4. Select checkbox next to the remote system where the agent is to be upgraded, and click the Next button.

   Figure 96

   NOTE: If you want to upgrade the Change Audit agent, select the checkbox in the Change Audit column.
   Figure 97

5. Select Windows Domain Network option, and fill in the user credentials,

   Figure 98

   OR

   Select the Upgrade over IP (Non Windows Domain) option.
   Figure 99

6. Select Install default Remedial Action EXEs on this system checkbox.
   EventTracker displays confirmation message.

   Figure 100

7. Click the OK button, and click the Upgrade button.
   EventTracker displays information message.
8. Click the OK button.
   EventTracker displays System Status screen.

   Figure 101
   Figure 102 System Status

9. Click the refresh button to see the latest status.
   NOTE: It may take some time to load the status.

   Figure 103

Step 8: Run KeywordMigration.exe file

The keyword Indexer folder is restructured. To put the old indexed files into the new structure, the KeywordMigration.exe utility has been provided along with build 7.2. This utility migrates the existing keyword files to the new structure.

The path for the utility file is <Install folder>\eventtrackerweb\bin\keywordmigration.exe
Upgrading from v7.2 (Build 38) to v7.2 (any build)

The procedure to upgrade from v7.2 (build 38) to v7.2 (any build) is the same as upgrading from v7.1 to v7.2. For the v7.2 (build 38) to v7.2 (any build) upgrade, please follow the detailed instructions given in the Upgrading from v7.1 to v7.2 Enterprise section.
Configuring Service Accounts

If the user is setting a UNC (Uniform Naming Convention) path for storing Archives/Reports, then the EventTracker Scheduler, EventTracker EventVault, EventTracker Reporter, EventTracker Indexer & Event Correlator (if available) services should be made to run under a user account which has full permission on the set UNC path.

1. Click the Start button, and select Run.
2. Type services.msc, and click the OK button.

   Figure 104

3. In the Services window, search for EventTracker services.

   Figure 105

4. Right click the service name, and click Properties.
   For example: Right click EventTracker EventVault service.
   EventTracker EventVault Properties (Local Computer) dialog box will appear on the screen.
   Figure 106

5. Click Log On tab, and select This account option.

   Figure 107

6. Enter the user credentials and correct password. The user name should be in domain name\user name format.
7. Click the Apply button.
   Warning message will be displayed on the desktop.
8. Click the OK button.

   Figure 108

9. Click the OK button.
10. To run the service with new logon name, stop and start the service.
11. Likewise, for rest of the services, repeat step 4 to step 10 to change the service account.
    The Log On As column will display the changed service account name.

    Figure 109
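Steps 4 to 11 above can also be applied to all of the listed services in one pass and the Log On As value confirmed afterwards. The PowerShell below is an added example, not part of the original guide; the display names are taken from this section's wording and are an assumption about how the services appear on a given host.

```powershell
# Added example (not from the EventTracker guide): set the logon account for the
# EventTracker services named in this section, restart them and confirm the change.
# Assumption: the display names below follow the guide's wording; compare them with
# the Name column in services.msc and adjust before running from an elevated prompt.
param(
    [string[]]$DisplayName = @(
        'EventTracker Scheduler', 'EventTracker EventVault', 'EventTracker Reporter',
        'EventTracker Indexer', 'Event Correlator'
    )
)

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Prompt for the password instead of taking it as an argument, so it does not end
# up in command history or in a process listing.
$cred = Get-Credential -Message 'Service account in domain name\user name format'
if (-not $cred) { throw 'No credential supplied' }
if ($cred.UserName -notmatch '^[^\\]+\\[^\\]+$') {
    throw "User name must be in domain name\user name format, got '$($cred.UserName)'"
}

# The Services console grants "Log on as a service" to the account when Apply is
# clicked; this scripted path does not, so the account needs that right already.
$all = @(Get-CimInstance -ClassName Win32_Service)

$results = foreach ($name in $DisplayName) {
    $svc = $all | Where-Object { $_.DisplayName -eq $name } | Select-Object -First 1
    if (-not $svc) {
        # The guide marks Event Correlator as "if available".
        Write-Warning "${name}: service not found, skipped"
        continue
    }

    # Win32_Service.Change returns 0 on success; anything else leaves the account as it was.
    $change = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
        StartName     = $cred.UserName
        StartPassword = $cred.GetNetworkCredential().Password
    }
    if ($change.ReturnValue -ne 0) {
        Write-Warning "${name}: Change returned $($change.ReturnValue); account not updated"
        continue
    }

    # Step 10: stop and start the service so it runs under the new logon.
    $restartError = $null
    try {
        Restart-Service -Name $svc.Name -Force
    }
    catch {
        $restartError = $_.Exception.Message
    }

    # Step 11: read back what the Log On As column will show.
    $after = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($svc.Name)'"
    [pscustomobject]@{
        Service      = $name
        LogOnAs      = $after.StartName
        State        = $after.State
        Updated      = ($after.StartName -eq $cred.UserName)
        RestartError = $restartError
    }
}

$results | Format-Table -AutoSize -Wrap
```

A service that shows Updated as True but is not Running usually means the account could not log on as a service or could not reach the UNC path; check both before retrying.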
More informationHow to - Install EventTracker Windows and Change Audit Sensor Sensor Deployment User Manual-v9.0
How to - Install EventTracker Windows and Change Audit Sensor Sensor Deployment User Manual-v9.0 Publication Date: January 22, 2018 Abstract EventTracker Sensor deployment processes are described in detail
More informationVMware vrealize Operations for Horizon Installation. VMware vrealize Operations for Horizon 6.5
VMware vrealize Operations for Horizon Installation VMware vrealize Operations for Horizon 6.5 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationIntegrate Cisco VPN Concentrator
Integrate Cisco VPN Concentrator EventTracker v7.x Publication Date: July 24, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract This guide provides instructions to
More informationVeriato Recon / 360. Version 9.0.3
Veriato Recon / 360 Version 9.0.3 1/3/2018 Upgrade Guide January 3, 2018 Table of Contents Before You Begin... 1 What's New... 1 How the System Works... 1 Upgrade Support... 6 Update Antivirus Exclusions...
More informationNetIQ Privileged Account Manager 3.5 includes new features, improves usability and resolves several previous issues.
Privileged Account Manager 3.5 Release Notes July 2018 NetIQ Privileged Account Manager 3.5 includes new features, improves usability and resolves several previous issues. Many of these improvements were
More informationEventTracker: Backup and Restore Guide Version 9.x
EventTracker: Backup and Restore Guide Version 9.x Publication Date: June 6, 2018 Abstract Best practices always advice us to retain periodic backups of all critical applications data. For EventTracker,
More informationIntegrate Cisco IOS Publication Date: April 15, 2016
Publication Date: April 15, 2016 Abstract This guide provides instructions to configure Cisco IOS to send the syslog events to EventTracker. Scope The configurations detailed in this guide are consistent
More informationMonitoring SharePoint 2007/ 2010/ 2013 Server using EventTracker
Monitoring SharePoint 2007/ 2010/ 2013 Server using EventTracker Publication Date: June 12, 2012 Abstract EventTracker allows you to effectively manage your systems and provides operational efficiencies
More informationNetwrix Auditor for Active Directory
Netwrix Auditor for Active Directory Quick-Start Guide Version: 8.0 4/22/2016 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment
More informationAT&T Core Mobility Integrated Dispatch Console User Guide. Installation Guide. AT&T Integrated Dispatch Console 3.0
Installation Guide AT&T Integrated Dispatch Console 3.0 October 2016 Table of Content 1. Introduction... 3 1.1. Purpose and Scope... 3 1.2. Terms and Definitions... 3 1.3. About this Manual... 5 1.4. What
More informationConfigure Alerts. EventTracker v6.x. EventTracker 8815 Centre Park Drive Columbia MD Publication Date: Jun 12, 2009
Configure Alerts EventTracker v6.x Publication Date: Jun 12, 2009 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com ABSTRACT The purpose of this document is to describe the configuration
More informationDell Repository Manager Business Client Version 2.0 User s Guide
Dell Repository Manager Business Client Version 2.0 User s Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION
More informationIntegrate Veeam Backup and Replication. EventTracker v9.x and above
Integrate Veeam Backup and Replication EventTracker v9.x and above Publication Date: September 27, 2018 Abstract This guide provides instructions to configure VEEAM to send the event logs to EventTracker
More informationInstallation on Windows Server 2008
USER GUIDE MADCAP PULSE 4 Installation on Windows Server 2008 Copyright 2018 MadCap Software. All rights reserved. Information in this document is subject to change without notice. The software described
More informationLiveNX Upgrade Guide from v5.1.2 to v Windows
LIVEACTION, INC. LiveNX Upgrade Guide from v5.1.2 to v5.1.3 - Windows UPGRADE LiveAction, Inc. 3500 Copyright WEST BAYSHORE 2016 LiveAction, ROAD Inc. All rights reserved. LiveAction, LiveNX, LiveUX, the
More information